Created new articles, updated TOC

SnehaSudhirG · SnehaSudhirG · commit e86fdc8406e0 · 2025-02-26T23:21:19.000+05:30
diff --git a/articles/update-manager/cross-subscription-patching.md b/articles/update-manager/cross-subscription-patching.md
@@ -31,9 +31,9 @@ However, its capabilities go well beyond this. With proper configuration, you ca
 
 # [Supported OS type](#tab/sup-os)
 
-- **Windows**: Cross-subscription patching supports various versions of Windows Server and Windows operating systems. Ensure that your Windows devices are up-to-date and compatible with the patching process. For more information, see [support matrix for Arc-connected hosts](support-matrix-updates.md#azure-arc-enabled-servers)and [Azure VM for supported images](support-matrix-updates.md#supported-windows-os-images). 
+- **Windows**: Cross-subscription patching supports various versions of Windows Server and Windows operating systems. Ensure that your Windows devices are up-to-date and compatible with the patching process. For more information, see [support matrix for Arc-connected hosts](support-matrix-updates.md#azure-arc-enabled-servers)and [Azure VM for supported images](support-matrix-updates.md#azure-marketplacepir-images)
 
-- **Linux**: Cross-subscription patching also supports multiple Linux distributions, including most mainstream distributions like Ubuntu, CentOS, and Red Hat Enterprise Linux (RHEL) etc. Ensure that your Linux devices meet the necessary requirements for patching. For more information, see[support matrix for Arc-connected hosts](support-matrix-updates.md#azure-arc-enabled-servers) and [Azure VM for supported images](support-matrix-updates.md#supported-linux-os-images). 
+- **Linux**: Cross-subscription patching also supports multiple Linux distributions, including most mainstream distributions like Ubuntu, CentOS, and Red Hat Enterprise Linux (RHEL) etc. Ensure that your Linux devices meet the necessary requirements for patching. For more information, see[support matrix for Arc-connected hosts](support-matrix-updates.md#azure-arc-enabled-servers) and [Azure VM for supported images](support-matrix-updates.md#azure-marketplacepir-images). 
 
 ---
 
diff --git a/articles/update-manager/extended-security-updates.md b/articles/update-manager/extended-security-updates.md
@@ -0,0 +1,28 @@
+---
+title: Extended Security Updates (ESU) for Windows Server with Azure Update Manager
+description: Information on enrolling and managing Extended Security Updates (ESU) for Windows Server 2012 and 2012 R2 using Azure Update Manager.
+ms.service: azure-update-manager
+author: SnehaSudhirG
+ms.author: sudhirsneha
+ms.date: 02/26/2025
+ms.topic: overview
+---
+
+# Extended Security Updates (ESU) for Windows Server
+
+This article provides information on ESU on Azure VMs and Azure Arc machines.
+
+ESUs are available by default to Azure Virtual machines Azure ESU. Using Azure Update Manager, you can deploy Extended Security Updates for your Azure Arc-enabled Windows Server 2012 / R2 machines. 
+
+## Enroll Windows Server 2012 ESU on Arc machines
+
+To enroll in Windows Server 2012 Extended Security Updates on Arc connected machines, follow the guidance on [How to get Extended Security Updates (ESU) for Windows Server 2012 and 2012 R2 via Azure Arc](/windows-server/get-started/extended-security-updates-deploy#extended-security-updates-enabled-by-azure-arc).
+
+
+## Next steps
+
+- [View updates for a single machine](view-updates.md)
+- [Deploy updates now (on-demand) for a single machine](deploy-updates.md)
+- [Schedule recurring updates](scheduled-patching.md)
+- [Manage update settings via the portal](manage-update-settings.md)
+
diff --git a/articles/update-manager/manage-arc-enabled-servers-programmatically.md b/articles/update-manager/manage-arc-enabled-servers-programmatically.md
@@ -74,7 +74,7 @@ The following table describes the elements of the request body:
 | `windowsParameters - kbNumbersToExclude` | List of Windows Update KB Ids that are available to the machine and that should **not** be installed. If you've included any 'classificationsToInclude', the KBs available in the category will be installed. 'kbNumbersToExclude' is an option to provide list of specific KB IDs that you want to ensure don't get installed. For example: `5678`  |
 | `maxPatchPublishDate` | This is used to install patches that were published on or before this given max published date.| 
 | `linuxParameters` | Parameter options for Guest OS update when machine is running supported Linux distribution |
-| `linuxParameters - classificationsToInclude` | List of categories or classifications of OS updates to apply, as supported & provided by Linux OS's package manager used. Acceptable values are: `Critical, Security, Others`. For more information, see [Linux package manager and OS support](support-matrix-updates.md#supported-linux-os-images). |
+| `linuxParameters - classificationsToInclude` | List of categories or classifications of OS updates to apply, as supported & provided by Linux OS's package manager used. Acceptable values are: `Critical, Security, Others`. For more information, see [Linux package manager and OS support](support-matrix-updates.md#azure-marketplacepir-images). |
 | `linuxParameters - packageNameMasksToInclude` | List of Linux packages that are available to the machine and need to be installed. If you've included any 'classificationsToInclude', the packages available in the category will be installed. 'packageNameMasksToInclude' is an option to provide list of packages over and above that you want to get installed. For example: `mysql, libc=1.0.1.1, kernel*` |
 | `linuxParameters - packageNameMasksToExclude` | List of Linux packages that are available to the machine and should **not** be installed. If you've included any 'classificationsToInclude', the packages available in the category will be installed. 'packageNameMasksToExclude' is an option to provide list of specific packages that you want to ensure don't get installed. For example: `mysql, libc=1.0.1.1, kernel*` |
 
diff --git a/articles/update-manager/support-matrix-automatic-guest-patching.md b/articles/update-manager/support-matrix-automatic-guest-patching.md
@@ -15,86 +15,17 @@ By enabling automatic guest patching for your Azure Virtual Machines (VMs), you
 
 ## Supported OS images
 
-> [!NOTE]
->- Automatic VM guest patching, on-demand patch assessment and on-demand patch installation are supported only on VMs created from images with the exact combination of publisher, offer and sku from the below supported OS images list. Custom images or any other publisher, offer, sku combinations aren't supported. More images are added periodically. Don't see your SKU in the list? Request support by filing out [Image Support Request](https://forms.microsoft.com/r/6vfSgT0mFx).
->- If [automatic VM guest patching](/azure/virtual-machines/automatic-vm-guest-patching) is enabled on a VM, then the available Critical and Security patches are downloaded and applied automatically on the VM.
+Automatic VM guest patching, on-demand patch assessment and on-demand patch installation are supported only on VMs created from images with the exact combination of publisher, offer and sku from the below supported OS images list. Custom images or any other publisher, offer, sku combinations aren't supported. More images are added periodically. Don't see your SKU in the list? Request support by filing out [Image Support Request](https://forms.microsoft.com/r/6vfSgT0mFx).
 
+If [automatic VM guest patching](/azure/virtual-machines/automatic-vm-guest-patching) is enabled on a VM, then the available Critical and Security patches are downloaded and applied automatically on the VM.
 
-#### [Supported Windows Images (Hotpatchable)](#tab/win-hotpatch)
-
-| Publisher               | OS Offer      |  Sku               |
-|-------------------------|---------------|--------------------|
-| MicrosoftWindowsServer  | WindowsServer | 2022-datacenter-azure-edition-core |
-| MicrosoftWindowsServer  | WindowsServer | 2022-datacenter-azure-edition-core-smalldisk |
-| MicrosoftWindowsServer  | WindowsServer | 2022-datacenter-azure-edition-hotpatch |
-| MicrosoftWindowsServer  | WindowsServer | 2022-datacenter-azure-edition-hotpatch-smalldisk |
-| MicrosoftWindowsServer  | WindowsServer | 2025-datacenter-azure-edition |
-| MicrosoftWindowsServer  | WindowsServer | 2025-datacenter-azure-edition-smalldisk |
-| MicrosoftWindowsServer  | WindowsServer | 2025-datacenter-azure-edition-core |
-| MicrosoftWindowsServer  | WindowsServer | 2025-datacenter-azure-edition-core-smalldisk |
-
-
-#### [Supported Windows Images (non-Hotpatchable)](#tab/win-nonhotpatch)
-
-| Publisher               | OS Offer      |  Sku               |
-|-------------------------|---------------|--------------------|
-| MicrosoftWindowsServer  | WindowsServer | 2008-R2-SP1 |
-| MicrosoftWindowsServer  | WindowsServer | 2012-R2-Datacenter |
-| MicrosoftWindowsServer  | WindowsServer | 2012-R2-Datacenter-gensecond |
-| MicrosoftWindowsServer  | WindowsServer | 2012-R2-Datacenter-smalldisk |
-| MicrosoftWindowsServer  | WindowsServer | 2012-R2-Datacenter-smalldisk-g2 |
-| MicrosoftWindowsServer  | WindowsServer | 2016-Datacenter    |
-| MicrosoftWindowsServer  | WindowsServer | 2016-datacenter-gensecond  |
-| MicrosoftWindowsServer  | WindowsServer | 2016-Datacenter-Server-Core |
-| MicrosoftWindowsServer  | WindowsServer | 2016-datacenter-smalldisk  |
-| MicrosoftWindowsServer  | WindowsServer | 2016-datacenter-with-containers  |
-| MicrosoftWindowsServer  | WindowsServer | 2019-Datacenter |
-| MicrosoftWindowsServer  | WindowsServer | 2019-Datacenter-Core |
-| MicrosoftWindowsServer  | WindowsServer | 2019-datacenter-gensecond  |
-| MicrosoftWindowsServer  | WindowsServer | 2019-datacenter-smalldisk  |
-| MicrosoftWindowsServer  | WindowsServer | 2019-datacenter-smalldisk-g2  |
-| MicrosoftWindowsServer  | WindowsServer | 2019-datacenter-with-containers  |
-| MicrosoftWindowsServer  | WindowsServer | 2022-datacenter    |
-| MicrosoftWindowsServer  | WindowsServer | 2022-datacenter-smalldisk    |
-| MicrosoftWindowsServer  | WindowsServer | 2022-datacenter-smalldisk-g2 |
-| MicrosoftWindowsServer  | WindowsServer | 2022-datacenter-g2    |
-| MicrosoftWindowsServer  | WindowsServer | 2022-datacenter-core |
-| MicrosoftWindowsServer  | WindowsServer | 2022-datacenter-core-g2 |
-| MicrosoftWindowsServer  | WindowsServer | 2022-datacenter-azure-edition |
-
-#### [Supported Linux Images](#tab/lin-img)
-
-| Publisher               | OS Offer      |  Sku               |
-|-------------------------|---------------|--------------------|
-| Canonical  | UbuntuServer | 16.04-LTS |
-| Canonical  | UbuntuServer | 16.04.0-LTS |
-| Canonical  | UbuntuServer | 18.04-LTS |
-| Canonical  | UbuntuServer | 18.04-LTS-gen2 |
-| Canonical  | 0001-com-ubuntu-pro-bionic | pro-18_04-lts |
-| Canonical  | 0001-com-ubuntu-server-focal | 20_04-lts |
-| Canonical  | 0001-com-ubuntu-server-focal | 20_04-lts-gen2 |
-| Canonical  | 0001-com-ubuntu-pro-focal | pro-20_04-lts |
-| Canonical  | 0001-com-ubuntu-pro-focal | pro-20_04-lts-gen2 |
-| Canonical  | 0001-com-ubuntu-server-jammy | 22_04-lts |
-| Canonical  | 0001-com-ubuntu-server-jammy | 22_04-lts-gen2 |
-| microsoftcblmariner  | cbl-mariner | cbl-mariner-1 |
-| microsoftcblmariner  | cbl-mariner | 1-gen2 |
-| microsoftcblmariner  | cbl-mariner | cbl-mariner-2 |
-| microsoftcblmariner  | cbl-mariner | cbl-mariner-2-gen2 |
-| Redhat  | RHEL | 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 7_9, 7-RAW, 7-LVM |
-| Redhat  | RHEL | 8, 8.1, 81gen2, 8.2, 82gen2, 8_3, 83-gen2, 8_4, 84-gen2, 8_5, 85-gen2, 8_6, 86-gen2, 8_7, 8_8, 8-lvm, 8-lvm-gen2 |
-| Redhat  | RHEL | 9_0, 9_1, 9-lvm, 9-lvm-gen2 |
-| Redhat  | RHEL-RAW | 8-raw, 8-raw-gen2 |
-| SUSE  | sles-12-sp5 | gen1, gen2 |
-| SUSE  | sles-15-sp2 | gen1, gen2 |
-
----
+## Customized images
 
 For VMs created from customized images even if the Patch orchestration mode is set to `Azure Orchestrated/AutomaticByPlatform`, automatic VM guest patching doesn't work. We recommend that you use scheduled patching to patch the machines by defining your own schedules or install updates on-demand.
 
 ## Next steps
 
-- [View updates for a single machine](view-updates.md)
+- [Supported regions](supported-regions.md)
 - [Deploy updates now (on-demand) for a single machine](deploy-updates.md)
 - [Schedule recurring updates](scheduled-patching.md)
 - [Manage update settings via the portal](manage-update-settings.md)
diff --git a/articles/update-manager/support-matrix.md b/articles/update-manager/support-matrix.md
@@ -1,35 +1,32 @@
 ---
-title: Azure Update Manager support matrix
-description: This article provides a summary of supported regions and operating system settings.
+title: Azure Update Manager supported OS, update sources, and types
+description: This article provides information on update sources, and types of updates and best practices for managing updates on your Azure VMs and servers.
 ms.service: azure-update-manager
 author: SnehaSudhirG
 ms.author: sudhirsneha
-ms.date: 01/29/2025
+ms.date: 02/26/2025
 ms.topic: overview
-ms.custom: references_regions
 ---
 
 # Supported updates for Azure Update Manager
 
-This article details the Windows and Linux operating systems supported and system requirements for machines or servers managed by Azure Update Manager. 
+This article provides detailed information on the supported operating systems, update sources, and types of updates that can be managed using Azure Update Manager. Additionally, it outlines the system requirements for machines or servers managed by Azure Update Manager.
 
-### Supported update sources
+## Supported update sources
+
+Azure Update Manager honors the update source settings on the machine and will fetch updates accordingly. AUM doesn't publish or provide updates.
 For more information, see the  supported [update sources](workflow-update-manager.md#update-source). 
 
-### Supported update types
+## Supported update types
 The following types of updates are supported.
 
-#### Operating system updates
-Update Manager supports operating system updates for both Windows and Linux.
-
-Update Manager doesn't support driver updates.
+**Operating system updates** - Azure Update Manager supports operating system updates for both Windows and Linux.
 
-#### Extended Security Updates (ESU) for Windows Server
+>[!NOTE]
+> Update Manager doesn't support driver updates.
 
-Using Azure Update Manager, you can deploy Extended Security Updates for your Azure Arc-enabled Windows Server 2012 / R2 machines. ESUs are available by default to Azure Virtual machines. To enroll in Windows Server 2012 Extended Security Updates on Arc connected machines, follow the guidance on [How to get Extended Security Updates (ESU) for Windows Server 2012 and 2012 R2 via Azure Arc](/windows-server/get-started/extended-security-updates-deploy#extended-security-updates-enabled-by-azure-arc).
 
-
-#### Microsoft application updates on Windows
+## Microsoft application updates on Windows
 
 By default, the Windows Update client is configured to provide updates only for the Windows operating system. 
 
@@ -73,18 +70,6 @@ Third party application updates are supported in Azure Update Manager. If you in
 
 As Update Manager depends on your machine's OS package manager or update service, ensure that the Linux package manager or Windows Update client is enabled and can connect with an update source or repository. If you're running a Windows Server OS on your machine, see [Configure Windows Update settings](configure-wu-agent.md).
 
-## Unsupported workloads
-
-The following table lists the workloads that aren't supported.
-
-   | **Workloads**| **Notes**
-   |----------|-------------|
-   | Windows client | For client operating systems such as Windows 10 and Windows 11, we recommend [Microsoft Intune](/mem/intune/) to manage updates.|
-   | Virtual Machine Scale Sets| We recommend that you use [Automatic upgrades](/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade) to patch the Virtual Machine Scale Sets.|
-   | Azure Kubernetes Service nodes| We recommend the patching described in [Apply security and kernel updates to Linux nodes in Azure Kubernetes Service (AKS)](/azure/aks/node-updates-kured).|
-
-As Update Manager depends on your machine's OS package manager or update service, ensure that the Linux package manager or Windows Update client is enabled and can connect with an update source or repository. If you're running a Windows Server OS on your machine, see [Configure Windows Update settings](configure-wu-agent.md).
-
 
 ## Next steps
 
diff --git a/articles/update-manager/toc.yml b/articles/update-manager/toc.yml
@@ -27,12 +27,16 @@ items:
       href: support-matrix-updates.md
     - name: Automatic VM Guest Patching
       href: support-matrix-automatic-guest-patching.md
-  - name: Supported update types and update sources
+    - name: Unsupported workloads
+      href: unsupported-workloads.md
+  - name: Supported update sources and update types
     items:
-    - name: Supported updates
+    - name: Supported updates, Types, Microsoft updates and Third-party updates
       href: support-matrix.md
-    - name: Ubuntu Pro support
-      href: security-awareness-ubuntu-support.md
+  - name: Extended Security Updates
+    href: extended-security-updates.md
+  - name: Ubuntu Pro support
+    href: security-awareness-ubuntu-support.md
 - name: Quickstarts
   items:
   - name: Check and install on-demand updates
diff --git a/articles/update-manager/unsupported-workloads.md b/articles/update-manager/unsupported-workloads.md
@@ -0,0 +1,37 @@
+---
+title: Unsupported Workloads for Azure Update Manager
+description: Learn about the workloads that are not supported by Azure Update Manager.
+ms.service: azure-update-manager
+author: SnehaSudhirG
+ms.author: sudhirsneha
+ms.date: 02/26/2025
+ms.topic: overview
+---
+
+# Unsupported workloads
+
+**Applies to:** :heavy_check_mark: Linux VMs :heavy_check_mark: Windows VMs
+
+## Overview 
+
+This article provides an overview of unsupported operating systems and custom VM images, along with recommendations for alternative update management solutions.
+
+Unsupported workloads include operating systems like Windows 10 and 11, which are best managed with Microsoft Intune, as well as custom VM images that might not have the necessary agent installed to receive updates
+
+
+The following table lists the workloads that aren't supported.
+
+   | **Workloads**| **Notes**
+   |----------|-------------|
+   | Windows client | For client operating systems such as Windows 10 and Windows 11, we recommend [Microsoft Intune](/mem/intune/) to manage updates.|
+   | Virtual Machine Scale Sets| We recommend that you use [Automatic upgrades](/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade) to patch the Virtual Machine Scale Sets.|
+   | Azure Kubernetes Service nodes| We recommend the patching described in [Apply security and kernel updates to Linux nodes in Azure Kubernetes Service (AKS)](/azure/aks/node-updates-kured).|
+
+As Update Manager depends on your machine's OS package manager or update service, ensure that the Linux package manager or Windows Update client is enabled and can connect with an update source or repository. If you're running a Windows Server OS on your machine, see [Configure Windows Update settings](configure-wu-agent.md).
+
+## Next steps
+
+- [Supported regions](supported-regions.md)
+- [Deploy updates now (on-demand) for a single machine](deploy-updates.md)
+- [Schedule recurring updates](scheduled-patching.md)
+- [Manage update settings via the portal](manage-update-settings.md)
